If you are currently working with another reseller you may not be eligible to receive any promotional items with your purchase. Please contact us before placing your order. BarraGuard.com.au reserves the right to deny free promotional items on any purchase.

Barracuda NextGen Firewall F-Series features intelligent site-to-site traffic management capabilities that optimize both availability and performance of the Wide Area Network (WAN). Administrators can control application-level routing and prioritization of traffic across multiple links, tunnels, and traffic conditions.

Central Management Across the Enterprise

With hardware models ranging from the micro branch office up to the large headquarters and datacenters, and a corresponding offering of virtual appliances, the Barracuda NextGen Firewall F-Series is designed for deployment across the entire enterprise. Through the Barracuda NG Control Center, administrators can manage security, content and traffic management policies from a single interface. Centralized management of security and content policy provides a number of benefits, including:

Consistent security posture and policy enforcement across the enterprise

Real-time accounting and reporting across multiple gateways

Comprehensive history and rollback of configuration and policy changes across the network

Centralized version control of anti-spam, anti-virus, Web filter and network access control updates

Designed for modern networks, our F-Series firewalls are purpose-built to help your organization adopt cloud-based business applications and improve user productivity across highly-distributed networks. In addition to securing the network, they optimize network traffic and ensure users have access to the resources they need across on-premises, private, and public cloud environments.

In addition to next-generation firewall protection, the F-Series Firewall provides industry-leading operational efficiency and added business value by safeguarding network traffic against line outages and link quality degradation

Scalable Security for the Enterprise

Enterprise networks grow larger and more complex every day - and more critical to key business operations. The Barracuda NextGen Firewall is an essential tool to optimize the performance, security, and availability of today's dispersed enterprise WANs.

Integrated Next-Generation Security

The Barracuda NextGen Firewall F-Series is designed and built from the ground up to provide comprehensive, next-generation firewall capabilities. Cloud-hosted content filtering and reporting offload computeintensive tasks to the cloud for greater resource efficiency and throughput. Based on application visibility, user-identity awareness, intrusion prevention, and centralized management, the Barracuda NextGen Firewall is the ideal solution for today's dynamic enterprises.

Regaining Control of User Activity

The Barracuda NextGen Firewall F-Series restores control to networks made opaque and unmanageable by mobile devices at work, Web 2.0 applications, increasing dispersion, and the growing integration and dependence on cloud-based resources. It extends security coverage beyond network boundaries, and makes it easy to monitor and regulate everything the network and its users are doing.

The Barracuda NextGen Firewall dashboard provides real-time information and summaries of what is going on in an organization's network.

Benefits:

Enable Intelligent Network Perimeters

Security, WAN optimization, and application control features are available in all models to fit any network environment from small remote sites to large headquarters. Provide business quality-of-service to cloud applications like Office 365 by dynamic prioritization over non-critical web traffic. Guarantee users' access to critical applications through granular policy controls. Dynamically balance traffic across multiple Internet connections to minimize downtime and improve performance.

Secure Your Network's Perimeter

Secure your organization's data against hackers, malware, DoS attacks, and botnets with Advanced Threat Detection. Traditionally, these threats would routinely bypass signature-based IPS and antivirus engines. Advanced Threat Detection stops threats in their tracks. You gain granular control backed by real-time, zero-hour threat intelligence, all from one single pane of glass that is easy to use and manage for the most advanced, up-to-the-minute security.

Optimized Site-to-Site Connectivity

Securely connect networks between multiple sites. Transparently span across up to 24 physical uplinks with VPN tunnels that are highly redundant against link loss. Built-in traffic compression and WAN optimization effectively increase available bandwidth. Automatically create and tear down VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic.

Key Features: TINA VPN , Site-to-Site Connectivity

Ready for Virtual Environments and Hybrid Cloud Deployments

Provides secure, fast connectivity across hybrid on-premises and cloud network components. Easily deploy as a virtual appliance for virtualized private networks in VMware, XenServer, KVM, and Hyper-V. Provide network segmentation and security on public cloud platforms such as Amazon Web Services and Microsoft Azure; available both as Pay-As-You-Go and Bring-Your-Own-License. Traffic flows can be optimized within dynamically created VPN tunnels between on-premises and cloud components to remove any performance bottlenecks.

Features:

Advanced Threat Detection

While traditional solutions usually detect network threats after they have breached the network, by sending log notifications to the administrator, the Barracuda Advanced Threat Detection (ATD) implements full system emulation, which provides deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. In case the file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.

The Barracuda ATD offers Administrators granular, file-type-based control including automatic quarantine and blacklisting features to maintain the highest level of protection for an organization's network.

The Barracuda Advanced Threat Detection is an optional subscription.

Application Control 2.0

The Barracuda NextGen Firewall provides a powerful and extremely reliable detection and classification of more than 1,200 applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates establishing and enforcing acceptable access and use policies for users and groups by application, application category, location, and time of day. Administrators can now:

Block unwanted applications for certain users or groups

Control and throttle acceptable traffic

Preserve bandwidth and speed-up business-critical applications to ensure business continuity

The Barracuda NextGen Firewall features advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value in addition to security by significantly improving network quality and availability, as well as reducing direct line cost due to bandwidth saved.

For rich reporting and drill-down capabilities, the Barracuda NextGen Firewall comes with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, crucial for QoS optimization for business-critical applications. Furthermore, it allows adjusting and refining the corporate application use policies.

Deep Application Context

The deep application context analysis allows for deeper inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means administrators can gain detailed insight into what a specific application was used for or if a user was trying to circumvent the corporate application usage policy.

Personalized Application Control

On top of the 1,400+ applications that are delivered out of the box and constantly updated, the Barracuda NextGen Firewall provides a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization's specific needs.

User Identity Awareness

Different network users may need different bandwidth-use rules. Most often, access to certain network resources is limited to certain users or user groups. Preferential allocation of more bandwidth to certain users or user groups and a limitation of available bandwidth for others is a common requirement. It requires the network device to know what user an IP actually belongs to. Barracuda NextGen Firewalls are fully user-identity aware by linking a user to one or several IP addresses. Any role assignments that result from identity and device posture checks communicated to the firewall by our health agents can be used within the firewall to facilitate role-based access control (RBAC). Barracuda NextGen Firewalls support authentication of users and enforcement of user-aware firewall rules, web filter settings, and Application Control 2.0 using Active Directory, NTLM, MS CHAP, RADIUS, RSA SecurID, LDAP/LDAPS, TACACS+, as well as authentication with x.509 certificates.

Reporting

The Barracuda NG Report Creator is a free tool that allows administrators to collect and consolidate traffic and application usage statistics from multiple Barracuda NextGen Firewall units and to create easy-to-read reports in pdf format. Report tasks can be scheduled at various times during the day or week and distributed automatically via email. Besides predefined out-of-the-box reports such as Top Applications, Top Blocked URL Categories and Websites, Top Users by Bandwidth, as well as activity reports for specific users, the reporting engine provides customizable granular reports on user activity, activities during last day/week/month, etc.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

Directory traversal and probing and scanning attempts

Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NextGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.

As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NG Control Center.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Protection

In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda NextGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network. Additionally, the Barracuda NextGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim for saturating the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda NextGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines and crucial site-to-site and site-to-Internet connectivity remains operational.

Malware Protection

Barracuda Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

Application-Based Link Selection

The combination of next-generation security and adaptive WAN routing allows the Barracuda NextGen Firewall to dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.

Traffic Shaping and Quality of Service

Limited network resources make bandwidth prioritization a necessity. The Barracuda NextGen Firewall provides strong Quality of Service (QoS) that lets the administrator apply quality aspects and service guarantees to selected traffic flows within the WAN. QoS is often used to prioritize the network traffic of applications that are critical and must not be affected by the network traffic of other applications. The Barracuda NextGen Firewall provides a large set of QoS techniques, such as traffic shaping, traffic prioritization, and bandwidth partitioning, which assigns a bandwidth limit to certain types of traffic. To select traffic for different priority classes, the available real-time traffic analysis can be used to identify whether network traffic was sent by business-critical applications or by potentially unwanted applications.

Failover and Link Balancing

To ensure the best and most cost-efficient connectivity, the Barracuda NextGen Firewall provides a wide range of built-in uplink options such as unlimited leased lines, up to four xDSL uplinks, etc. By eliminating the need to purchase additional devices for link balancing, security conscious customers will have access to a WAN connection that never goes down, even if one or two of the existing WAN uplinks are severed. Further, traffic intelligence mechanisms make sure the next defined uplink is activated on the fly and all traffic is rerouted to make full use of the remaining lines. In the event that backup lines provide less bandwidth, intelligent traffic shaping automatically prioritizes business-critical applications, networks, or distinct endpoints.

WAN Optimization

The Barracuda NextGen Firewall can significantly enhance the WAN performance of distributed network environments by improving availability, performance, and response time of business-critical applications by lowering throughput and transmission delays, affecting time-sensitive decisions and enterprise profitability. The next-generation networking concept of the Barracuda NextGen Firewall provides a set of powerful features to efficiently reduce and offset the negative effects of high line latencies and response times. By implementing enterprise-grade WAN acceleration features such as data deduplication, traffic compression, and protocol optimization, the Barracuda NextGen Firewall can significantly improve site-to-site WAN traffic and increase productivity by accelerating the delivery of business applications - at no extra charge. WAN traffic can be effectively compressed up to 95 percent, significantly reducing the bandwidth needed at remote locations while increasing network responsiveness.

Microsoft Azure

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Windows Azure for establishing site-to-site and/or client-to-site connections to Azure and creating a DMZ in Azure to implement an additional high-security layer.

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances to help organizations.

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring, and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualized environments.

Amazon EC2

Besides VMware, KVM, and XenServer, the Barracuda NextGen Firewall is fully compatible for use in Amazon Elastic Compute Cloud (EC2).

As organizations have adopted virtualization for their server infrastructures, there has been a corresponding trend to extend the benefits of virtualization to the security layer. Barracuda’s award-winning security solutions are available as virtual appliances.

Barracuda NextGen Firewall virtual appliances are complete solutions, eliminating the need for installing, configuring and integrating disparate operating systems, databases, system management, and application software. In addition, Barracuda Networks virtual appliances come “locked down” from a security perspective, built from the ground up on the Barracuda OS, a hardened Linux operating kernel and optimized to run seamlessly within virtualization environments.

BYOD (Bring Your Own Device)

The influx of private computing devices, from smartphones to laptops and tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The Barracuda NextGen Firewall provides strong capabilities to give users the full advantage of their devices while reducing possible risks to the business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Network Access Control

The Barracuda Network Access Client, when used with the Barracuda NextGen Firewall, provides centrally managed Network Access Control (NAC) and an advanced personal firewall. This allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of antivirus and/or anti-spyware, and user ID. Access restrictions are enforced locally on the client by the centrally managed personal Windows firewall as well as at the gateway. Using existing Barracuda NextGen Firewall appliances, Barracuda Networks offers a ready-to-use Network Access Control framework without expensive investments into the basic network infrastructure. All Barracuda Network Access Clients as well as all Barracuda NextGen Firewall units acting as policy servers can be administered, monitored, and reviewed from a single Barracuda NG Control Center.

Scalable Deployment

Managing the security issues in a widely distributed enterprise network can be painful and extremely time-consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With the Barracuda NG Control Center, managing mulitple Barracuda NextGen Firewalls takes the same amount of time as managing one.

Create pre-configured templates for easy-rollout.

Have all information about the enterprise security deployment available in real time.

Create reports of either one or all Barracuda NextGen Firewalls.

Lifecycle Management

Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Revision Control System, Audit, and Reporting

The integrated revision control system increases auditing ease for the infrastructure and cuts overhead.

Additionally, the revision control system for all changes provides compliance with governmental and company policy requirements.

Comprehensive reporting makes bandwidth usage and all other security-related information visible, reportable, and easy to read.

Mobile Portal

Gain easy access to your organization’s applications via SSL VPN connections. Barracuda‘s Mobile Portal enables you to set up shortcuts on the home screen of devices such as smartphones or tablets. When accessing the portal via the web browser on a mobile device, users can browse apps, network folders and files as if they were connected to the office network.

Barracuda’s Mobile Portal is an optional feature included with an “SSL VPN and NAC” subscription.

Specifications

Barracuda NextGen Firewall F82

Interface

Copper Ethernet NICs

4x1 GbE

USB 2.0

4

Serial / console

1x RJ45

WAN interfaces - model DSLA

1x RJ11 + 1x1 GbE SFP

WAN interfaces - model DSLB

1x RJ45 + 1x1 GbE SFP

VGA

Yes

Integrated WiFi (IEEE 802.11b/g/n)

Yes

Performance

Firewall throughput 1

1.35 Gbps

VPN throughput [AES-128, NOHASH] 2

240 Mbps

VPN throughput [AES-128, MD5] 2

200 Mbps

VPN throughput [AES-128, SHA] 2

180 Mbps

VPN throughput [AES-256, MD5] 2

200 Mbps

IPS throughput 3

500 Mbps

NGFW throughput [Mbps] 4

400 Mbps

Concurrent sessions

80,000

New sessions/s

8,000

Recommended number of users 5

50-100

Memory

RAM

4 GB

Mass Storage

Type

Solid State

Size

50 GB

SSD MTBF

1,200,000 hours

Dimensions

Weight appliance

4.9 lbs / 2.2 kg

Appliance size: width x depth x height

14.8 x 6.3 x 1.7 inch

Weight carton with appliance

7.0 lbs

Carton size: width x depth x height

17 x 11.5 x 6 inch

Weight carton with appliance

8.4 lbs / 3.8 kg

Form factor

Desktop

Hardware

Hardware crypto accelerator

Yes, built-in

Display

-

Cooling

Fanless

Environmental

Noise emission

60 db/A

Operating temperature

30 to 95 °F

Storage temperature

-5 to +160 °F

Operating humidity

5% to 95% non-condensing

MTBF [System]

MTBF

> 5 years

Certifications & Compliance

CE emissions

Yes

CE electrical safety

Yes

FCC emissions

Yes

ROHS compliant

Yes

Power & Efficiency

Power supply

Single

Power supply type

External brick

Power type [AC/DC]

AC

Input rating

100-240 Volts

Input frequency

50 - 60 Hz

Auto sense

Yes

Wattage / max. power draw

45 W

Max. power draw @ 120V

0.4 Amps.

Max. power draw @ 230V

0.4 Amps.

Max. heat dissipation [W]

19 W

Max. heat dissipation [BTU]

65 BTU

Energy efficiency [average]

> 85%

Packaging Content

Appliance

Yes

Serial cable

Yes

Straight network cable

Yes

External power brick & cables

Yes

USB flash drive for recovery & installation

Yes

Quick start guide

Yes

2x Wireless antenna

Yes

2x Barracuda wall mount bracket

Yes

2x Barracuda L-shape rack mount bracket

Yes

1 Firewall throughput measured with large packets (MTU1500) UDP packets, bi-directional across multiple ports.2 VPN performance is based on Barracuda TINA VPN protocol, 1415 Byte UDP packets using AES128 NOHASH, bidirectional using BreakingPoint traffic generator.3 IPS throughput is measured using large packets (MTU1500) UDP traffic and across multiple ports.4 NGFW throughput is measured with IPS, application control, and web filter enabled, based on BreakingPoint Realworld-IPS-Enterprise-Traffic-Mix, bidirectional across multiple ports.5 For more detailed information on sizing, please use the free sizing application "Barracuda NextGenBlueprint" for iOS - available for iPhones and iPads.

Model Comparison:

With hardware models available for small branch offices as well as large headquarters and data centers, and a corresponding offering of virtual appliances, the Barracuda NextGen Firewall F-Series is designed for deployment across the entire enterprise.

1 For detailed information on how throughput numbers are measured, please refer to the detailed hardware specifications on page 21ff.2 Basically, the number of Barracuda VPN Clients connecting is unlimited.3 Model F82 and its submodels DSLA and DLSB) are only available for EMEA region.4 F18x consists of models F180 and F1835 F18xR consists of models F180R, F183R, and F184R

Technical Specs

Firewall

Stateful packet inspection and forwarding

Full user-identity awareness

Intrusion Detection and
Prevention System (IDS/IPS)

Application control and granular
application enforcement

Interception and decryption of SSL/
TLS encrypted applications

Antivirus and web filtering
in single pass mode

• Email security

SafeSearch enforcement

Google Accounts Enforcement

Denial of Service protection (DoS/DDoS)

Spoofing and flooding protection

ARP spoofing and trashing protection

DNS reputation filtering

NAT (SNAT, DNAT), PAT

Dynamic rules / timer triggers

Single object-oriented rule set for routing, bridging, and routed bridging

NextGen Firewall Technology:

The first Cloud-Generation Firewall

More and more companies all over the world adopt and integrate public cloud offerings into their network. But “before you can work in the cloud, you have to get to cloud” has never been more true than today. Shifting workloads to cloud based services, regardless if Software as a Service (SaaS), Platform as a Service (PaaS) or Infrastructure as a service (IaaS) exposed a different set of requirements WAN Edge and network security devices today need to address: Optimizing connectivity for business critical applications, enforcing higher security levels than ever and reducing cost by moving away from expensive MPLS lines. Because traditional WAN edge and security products did not adapt to these new challenges, a new set of solutions enabling cost efficient connectivity across the cloud-enabled WAN has emerged: SD-WAN. However, SD-WAN typically does not adress security-related aspects. It is considered more like a connectivity solution that works besides the security solution - at best. Just like different species.

Barracuda NextGen Firewalls F are the first to combine full NextGen Security with the Connectivity optimization and cost savings potentials of a full SD-WAN solution onto one single easy to manage hardware, virtual or cloud based appliance. The F-Series’ cloud-ready firewalls improve site-to-site connectivity and enable uninterrupted access to applications hosted in the cloud all while simplifying the administration of network operations for enterprises and managed services providers.

All pieces of the solution are centrally manageble across all platforms and release versions, reducing ongoing adminitrative overhead and ensuring policy compliance and enforcement across the wide area network.

Cloud Ready: The ongoing shift of IT workloads to cloud services in order to increase flexibility and reduce costs requires a reliable, cost-effective extension of the company WAN to the cloud. This applies to headquarters as well as direct Internet breakouts at every branch location. Barracuda NextGen Firewall F-Series models come fully featured for all common cloud IaaS providers, as virtual appliances, and in a variety of hardware appliances for even small offices. Hybrid WAN and cloud-only networks can thereby also benefit from the F-Series.

Secure SD-WAN Capabilities: Significantly increase uplink and WAN network reliability and performance by using and aggregating up to 24 active, load-sharing connections of any type (broadband, 4G, MPLS between locations). WAN optimization functionality including data deduplication and caching, traffic compression and application acceleration increase available bandwidth far beyond the sum of all available physical uplinks combined. Dynamic, on-the-fly adjustments of QoS and application usage policies depending on dynamic bandwidth measurement make sure there will always be enough bandwidth for business-critical applications. And with Zero Touch Deployment even the largest rollouts are easy to execute.

Unified Remote Access: Access to applications - regardless if hosted in the cloud or on premises - is commonly expected not only from within the company network but from any remote location or mobile device. Barracuda NextGen Firewalls include zero-touch for remote access, unified remote-access clients for macOS, Windows, iOS, and Android devices to make sure employees enjoy fast and reliable access to corporate applications from inside the network – and anywhere else, too.

Once Only Central Management: The entire Barracuda NextGen Firewall F-Series infrastructure, regardless if only a few devices or a couple thousand distributed across thousands of locations and multiple deployment types, can be deployed, managed and monitored from a single pane of glass through the Barracuda NextGen Control Center. Managing several hundreds of firewalls requires the same effort as managing one firewall.

Unparalleled Cost Savings: Barracuda NextGen Firewalls consolidate security, SD-WAN, link balancing, and WAN compression disciplines into a single appliance that provides significant cost savings due to the reduction or elimination of expensive leased lines and consolidation of security devices. Even for small rollouts of only a few devices, customers achieve a return of investment after just a few months, while thousands of dollars can be saved over the course of the next few years.

Full Application Awareness
Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in non-business network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications.

Application Control built into every Barracuda NextGen Firewall allows admins to accurately identify and control thousands of protocols and applications (like software updates, BitTorrent, Skype, instant messaging etc.) crossing the network and not visible with regular port-based firewalls. The Barracuda NextGen Firewall F-Series gives administrators granular control over applications. They can define rules for forwarding application traffic using the most suitable uplink based on type of application, user, content, time of day, and even geographical location. Unsanctioned applications can be reliably blocked or bandwidth throttled to an acceptable level.

Deep Application Context
Deep application context analysis enables deeper inspection of the application data stream by continually evaluating the actual intentions of applications and the respective users. For example, if a user attempts to use an application like “hidemyass” to bypass traditional web filtering, Barracuda NextGen Firewalls cannot only block the application itself, but also report the website the user originally attempted to connect to.

Custom Application Definitions
On top of thousands of applications that are delivered out of the box and constantly updated, Barracuda NextGen Firewalls provide an easy way to create userdefined application definitions. For example, admins can allow just a very limited set of Facebook apps while blocking all others, or assign more bandwidth to homegrown or legacy business systems.

Application-Based Routing
A unique combination of next-generation security and adaptive WAN routing technology allows the Barracuda NextGen Firewall F-Series to dynamically assign available bandwidth, uplink, and routing information based not only on protocol, user, location, and content, but also on applications, application categories, and even web content categories. This keeps expensive, highly available lines free for business- and missioncritical applications, while significantly reducing response times and freeing up additional bandwidth.

Block unwanted applications, control acceptable traffic, and ensure business continuity

Real-Time Application Reporting and Manipulation
For on-the-fly reporting and drill-down capabilities, Barracuda NextGen Firewalls come with real-time and historical application visibility that show live and recent application traffic on the corporate network that can be interactively filtered and drilled down. This helps admins to decide which application connections should be given bandwidth prioritization and who is currently violating acceptable use policies.

Application Risk and Usage Report
The Application Usage and Risk Report is one of many predefined reports in the free Barracuda Report Creator tool that provides automated reports and risk analysis based on the network traffic traversing the network. It gives an overview of how effective the currently deployed policies are in detecting and enforcing corporate application usage policies and even provides recommendations of what actions should be taken to improve these policies.

Barracuda NextGen Firewalls can easily be deployed risk free into existing networks to collect data required for generating such reports by using either a Layer 2 network bridge or SPAN Port / Port Mirroring deployment. No matter what method is used, collecting the traffic has no impact on the firewall performance at all.

Creating reports can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - reports are fully customizable to comply with possible branding requirements.

Full User Identity Awareness
Barracuda NextGen Firewalls combine application control with seamless support for all commonly used authentication schemes such as Active Directory, RADIUS, and LDAP/S. That means reporting can be done based on user and group membership (instead of source IP addresses), and firewall and application policy rules can easily be created for individual users and groups.

Web Security Gateway

Advanced Threat Protection
Barracuda’s Advanced Threat Protection (ATP) uses nextgeneration sandbox technology including full-system emulation to catch advanced persistent threats, zeroday malware, and all advanced malware designed specifically to evade detection. Advanced Threat Protection on Barracuda NextGen Firewalls ensures flexible and simple deployment into existing networks because no additional hardware is required. Resourceintensive sandboxing is offloaded to the Barracuda Advanced Threat Protection Cloud with its multiple datacenters in the Americas, mainland Europe, and the UK. A hash fingerprint of each file and the good/bad classification of all sandboxed files are stored and cached for future use, effectively speeding up processing and guaranteeing near instantaneous results. Over 95% of all files checked by the ATP service have typically been seen before and only very few files need processing.

With Advanced Threat Protection on Barracuda NextGen Firewalls, the firewall administrator has full policy control over how PDF documents, Microsoft Office Files, EXEs/MSIs/DLLs, Android APKs, compressed files, and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined, thereby preventing the malware from spreading within the network. Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, and evasion and obfuscation techniques. This also enables network activities such as establishing encrypted connections to botnet command and control centers for increased security posture to evade scaled botnet attacks.

Botnet and Spyware Protection
In combination with the Advanced Threat Protection cloud database, all Barracuda Next Gen Firewall F-Series provide protection against botnet infections. The F-Series detects potentially infected clients based on DNS requests. Once an infected client is detected, it can be isolated automatically, and an alert can be created or reported with the Barracuda Report Creator.

TypoSquatting & Link Protection for Email
This important feature of ATP adds protection for two rising threats: uncovering misleading and misspelled links. The link protection component automatically rewrites deceptive URLs in email messages to a Barracuda-validated URL and informs the requesting user on this change via a warning page displaying all the details about the blocked URL. TypoSquatting is a common trick to fool users into clicking on a link to a known source although the link is misspelled (e.g., examlpe.com), comes with a different top-level domain (e.g., example. org), or contains special characters (e.g., greek character rho for “p” - examρle.com), etc.

Safe Search Enforcement
Many search engines have a safe search setting that filters out adult search results such as inappropriate images and videos in search query return traffic. On Barracuda NextGen Firewalls customers can easily activate Safe Search Enforcement so that the firewall will enforce safe search settings for all common search providers such as Google, Yahoo, and Bing, and even within YouTube. Search engines not supported can easily be blocked. This functionality is even effective within SSL-encrypted search engines like google.com if SSL Inspection (included with all Barracuda NextGen Firewall F-Series) is activated.

Google Apps Accounts Enforcement
In some cases, users with their own Google Apps account may be able to circumvent Safe Search enforcement settings by logging in from their workstation with their own Google Apps account. To prevent this, all Barracuda NextGen Firewalls enforce and limit Google Apps Accounts logins only for a list of predefined Apps accounts easily created the administrator.

Mail Security Gateway

Mail is still one of the most common ways of spreading malware. Barracuda NextGen Firewalls include all necessary means to prevent incoming email to the corporate mail server from being infected.

Malware Protection

The optional Malware Protection shields the internal network from malicious content by scanning web content (HTTP and HTTPs), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Malware protection is based on regular signature updates as well as heuristics to detect malware or other potentially unwanted programs even before signatures are available. The malware protection covers viruses, worms, Trojans, malicious Java applets, and programs using known exploits on PDF, pictures and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.

File Content Enforcement

The Barracuda NextGen Firewall F-Series includes true file type detection and enforcement capabilities based not only on extension and MIME type, but also on sophisticated true file type detection algorithms. Bypassing executable files by renaming or compressing is detected and blocked. Besides blocking / allowing connections, the NextGen Firewall F-Series also lets admins change download priorities . For example, if an ISO image started downloading with normal web traffic priority, the admin can increase or decrease the assigned bandwidth for the download, even though the user started downloading via a regular web- browsing session.

Network Security

Intrusion Detection and Prevention
Every Barracuda Next Generation firewall includes a built-in Intrusion Detection and Prevention System (IDS/IPS) that provides complete and comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases, thereby preventing network attacks such as:

SQL injections and arbitrary code executions

Access control attempts and privilege escalations

Cross-site scripting and buffer overflows

DoS and DDoS attacks

Directory traversal and probing and scanning attempts

Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware

By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda NextGen Firewalls can identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems. As part of Barracuda’s Energize Updates subscription automatic IPS signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda NextGen Firewalls are constantly up-to-date.

To further guard against regular DoS/DDoS attacks, the maximum number of new sessions and the allowed total number of sessions from a single source can be specified. This protects against resource exhaustion of your firewalls as well as the servers and networks behind them. These settings are configurable on a perrule basis, thereby ensuring that protected servers with higher loads like web servers may be fully utilized.

Cloud Enablement

The exponential growth in cloud computing offerings has driven more and more organizations to consider adopting a hybrid network WAN with new workloads being deployed predominantly to the cloud. Potential cost savings and the ability to scale up and down are attractive cloud propositions, but the real reason companies move to the cloud is the ability to push products to the market much more quickly.

To fully experience cloud computing benefits, Barracuda NextGen Firewalls help organizations apply the same levels of security and connectivity as if the new network were in the local, on-premises datacenter.

Secure Connectivity to the Cloud
Barracuda NextGen Firewalls are designed from the ground up to enable access to cloud applications by utilizing a unique combination of link bonding, dynamic application prioritization, application-based uplink selection and WAN Optimization techniques to improve the WAN network performance to the cloud, regardless of office type or remote mobile locations.

Deploying Multi-Tier Architectures
Segmenting cloud networks into multiple tiers provides security, visibility, and compliance for on-premises applications. Additionally, this can be leveraged when the applications are deployed in public cloud environments through the Barracuda NextGen Firewall F-Series. The Barracuda NextGen Firewall F secures, restricts, and monitors the communications between these tiers, and limits the potential damage to an organization in the event of an attack. By filling the functional gaps between cloud infrastructure security and a defense-indepth strategy, the Barracuda NextGen Firewall provides protection between the application and data layers, rather than solely where the cloud network starts.

SD-WAN & Performance

With the increasing adoption of virtualization, softwaredefined networks (a.k.a. SD-WAN) and cloud-native applications in today’s business environment, the role of the firewall has evolved from a gateway-based, securityonly device to a set of distributed solutions that make sure the WAN network is available any time for any type of endpoint. Regardless if the WAN endpoint is a headquarters, a remote office, a network in the IaaS cloud, or a mobile endpoint, NextGen Firewalls are expected to enable impeccable WAN performance.

NextGen Firewall units deployed to multiple physical and cloud locations allow an organization to create a fault-tolerant, high-performance WAN network on top of low-cost broadband lines by combining full next-gen deep security inspection, smart policy-based adaptive traffic management, and WAN optimization technology into a single centrally manageable solution. Besides improved fault tolerance against outages and better WAN performance, the solution enables cost optimization strategies when multiple carriers/ISPs are combined to get the required bandwidth at an optimum price. This section highlights of Barracuda NextGen Firewalls’ WAN reliability and performance technologies.

Dynamic Bandwidth Detection and Performance-based Transport Selection
In order to achieve the highest possible quality of service, all Barracuda NextGen Firewall F-Series models pro-actively measure the available VPN bandwidths and - automatically - select the best uplink for a VPN connection based on bandwidth, latency, or combined quality metrics.

Adaptive Bandwidth Reservation
If a measured bandwidth is not sufficient for businesscritical traffic (e.g., VoIP), the F-Series can automatically adjust the allocated bandwidths for non-businesscritical traffic to free up bandwidth for redistribution.

Adaptive Session BalancingUsing multiple transports simultaneously might end up in some clogged transports and some hardly used ones. To avoid this inconvenience, the Barracuda NextGen Firewalls can dynamically balance not only newly created sessions but also already existing ones across the available uplinks.

Traffic Replication
Especially for VoIP traffic it is highly sensitive to paket loss. Barracuda NextGen Firewall F-Series mirrors VoIP/ Video packets and sends these across multiple uplinks smiltaneously. At the destination, the packets are then again combined to provide best voice and video quality

On-Demand Dynamic Mesh VPN
Barracuda NextGen Firewall F-Series deployments in a centrally managed WAN network create VPN tunnels dynamically based on remote peer and application. The typical use case for this technology is on-demand VPN tunnels between two branch offices for a VoIP telephone call, thereby improving call quality. For hybrid networks hosted in public cloud infrastructures like Microsoft Azure or Amazon AWS, this technology can easily be used to enable on-the-fly and direct access to cloud applications from remote offices that otherwise do not need a permanent connection to the cloud

Unified Remote Access

The Barracuda NextGen Firewall F-Series incorporates advanced client-to-site VPN capabilities, using SSL, IPsec, and TINA protocols to ensure remote users can easily and securely access network resources without timeconsuming client configuration and management. The communication protocols used with our clients are optimized to be fully roaming-capable by quickly reconnecting upon loss of communication. Smart pathfinder technology determines the nearest point of entry to the corporate network. By using different ports encapsulated in either TCP or UDP, the advanced NAT traversal technology can easily pass through web proxies.

The influx of private computing devices, be they smartphones, laptops, or tablets, into the workplace may help increase productivity, flexibility, and convenience. However, BYOD (Bring Your Own Device) adds new security challenges and risks, such as enabling and controlling access, as well as preventing data loss. The F-Series provides strong capabilities that give users the full advantage of their devices while reducing possible risks to their business. Unwanted applications can be blocked, LAN segmentation can protect sensitive data, and network access control can check the health state of each device connecting to the corporate network.

Browser Remote Access (SSL VPN)Barracuda’s responsive SSL VPN portal enables you to provide simple browser-based remote access on desktop or mobile devices. When accessing the portal via the web browser on a desktop or mobile device, users can browse apps, network folders, and files as if they were connected to the office network. The responsive portal supports most commonly used devices (Apple iOS, Android, Blackberry, etc.) and is part of the Advanced Remote Access subscription.

CudaLaunch
CudaLaunch is a simple-to-use remote connectivity application specifically designed to securely extend the company network to BYOD and mobile devices. The app is available for Windows, macOS, iOS, and Android, can be downloaded from the App Stores. End users can install the app without elevated privileges on the device. CudaLaunch looks and feels the same on every platform and provides fast, Java-independent access to commonly used applications in the company network, regardless if hosted on-premises or in the cloud. CudaLaunch’s Zero Touch administration features drastically reduce support and administration costs for rapidly changing mobile and BYOD devices.

Once-Only Central Management

To centralize management across many different firewalls and remote access users, the Barracuda NextGen Control Center enables administrators to manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console and deployment can be applied to all managed devices.

Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

Scalable Deployment
Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 firewall systems in place results in five hours per day – just to manage the existing system. With Barracuda NextGen Control Center, managing multiple F-Series deployments takes the same amount of time as managing one.

Lifecycle Management
Scalable Barracuda NextGen Firewalls offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up to date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.

Zero Touch Deployment
Especially for large rollouts without having IT personnel on the floor at the remote locations, the NextGen Firewall F-Series in conjunction with NextGen Control Center support Zero Touch Deployment. This feature allows to send appliances to location without having to pre-setup them beforehand. After unpacking the appliance and powering it up, the appliance automatically connects to the Barracuda Cloud Control where it receives are very basic set of information. This Information is just enough to create a high-secure TINA VPN connection to the NextGen Control Center the appliance shall be assigned to. The full configuration is sent to the appliance via the VPN tunnel and the appliance is part of the security infrastructure without the need of dedicated and trained IT security administrators at the location.

To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).

Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda NextGen Firewall is the most advanced next generation firewall on the market today.

As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda NextGen firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.

What are the major capabilities of the Barracuda NextGen Firewall?

The Barracuda NextGen Firewall is a next generation firewall and VPN that provides:

Integrated content security and network access control

Optimization of intelligent traffic flow across the WAN

Industry-leading centralized management capabilities

What are the differences among the F-Series, S Series and X-Series firewalls?

The Barracuda NextGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDOS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.

The Barracuda NextGen Firewall S-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.

The Barracuda NextGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing and easy-to-use management interface.

How do I know if I should get the X-Series, F-Series or S-Series?

If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.

If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.

If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the S-Series is the perfect choice for you.

Can I centrally manage multiple firewalls from one place?

Yes, all the Barracuda NextGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and S-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.

What is the difference in terms of deployment between the F, S and X-Series firewalls?

The Barracuda NextGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it’s centrally managed using a NextGen Control Center.

The S-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.

The Barracuda NextGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.

What level of support can I expect to receive from Barracuda?

Regardless of whether you’re using the X-Series, F-Series or S-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.

Barracuda NextGen Firewalls include licenses for an unlimited number of IPSec site-to-site connections and IPSec clients through the Barracuda NG VPN Client. The Barracuda NextGen Firewall SSL VPN and NAC option adds a customizable and easy-to-use Web portal-based SSL VPN as well as sophisticated network access control (NAC) functionality. NAC allows enforcement of minimum Windows client security prerequisites before being allowed access to the network or access to a quarantine network. Security posture can be specified according to available Windows patch level, availability of anti-virus and/or anti-spyware and user ID. The Barracuda NG Network Access Client also adds support for 802.1x port based security for 802.1x enabled routers and switches.

Optimization of intelligent traffic flow across the WAN:

The Barracuda NextGen Firewall provides application-aware traffic management and prioritization across the WAN, featuring adaptive routing based on network traffic conditions and link status. In addition, through Barracuda NG Control Center, administrators can efficiently monitor VPN tunnels and firewall status.

Industry Leading Centralized Management Capabilities:

To centralize management across many different firewalls and remote access users, the Barracuda NG Control Center enables administrators to configure security and network access policies, control firmware update revisions, and manage user settings. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.

The Barracuda NG Control Center supports multiple administrators simultaneously - even within the same configuration tree. Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.

What are the differences in levels between the Barracuda NG Control Center editions?

The Barracuda NG Control Center is offered at three levels - Standard Edition, Enterprise Edition and Global Edition. All Barracuda NG Control Center levels enable administration of an unlimited number of Barracuda NextGen Firewall platforms. The Standard Edition allows for a single configuration group. The Enterprise Edition allows for an unlimited number of configuration groups for a single enterprise / tenant or “range.” The Global Edition is designed for service providers who service multiple tenants and allows for separate and secluded configuration trees for each “range.”

What application proxies are included?

Barracuda NextGen Firewalls include application layer proxies for HTTP, HTTPS (optional), FTP, SSH, as well as a generic TCP and SOCKS proxy.

Next-generation firewalls utilizing Layer 7 Application Control can identify and enforce policy on more sophisticated applications that may hide their traffic inside otherwise "safe" port/protocols such as HTTP. Skype and peer-to-peer (P2P) applications are particularly notorious for requiring Layer 7 Application Control for policy enforcement.

The Barracuda NextGen Firewall integrates Layer 7 Application Control into its core firewall functions, enabling enforcement of policy based on user ID, security policy, location, and time of day. Policy actions can include blocking, allowing, throttling, or even enabling or disabling of specific application features.

All Barracuda NG Control Center and Barracuda NextGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.

What if I am not looking to replace my entire firewall infrastructure?

In addition to the Barracuda NextGen Firewall, Barracuda Networks offers a set of best-of-breed point solutions to address your needs if you are not looking yet to replace your entire firewall infrastructure. Relevant point solutions include:

The Barracuda NextGen Firewall is a family of hardware and virtual appliances designed to service next generation firewall capabilities to all office locations of enterprise networks. This includes very small remote locations, home offices, branch offices, headquarters and data centers. Typically, Barracuda NextGen Firewall models are sized based on firewall throughput, VPN throughput, concurrent connections, and the features selected. For more information, please contact your Barracuda Networks systems engineer.

No. The Barracuda NextGen Firewall models include a license to an unlimited number of Barracuda NG VPN clients. With the purchase of the Barracuda SSL VPN and NAC option, there is no licensed limit to the number of Barracuda NG Network Access clients or Barracuda NG SSL VPN users.

What is included in the Energize Updates subscription for the Barracuda NextGen Firewall?

Documentation:

Please Note: Energize Updates and Instant Replacement Subscriptions need to be maintained for every Barracuda Product. All subscriptions are continuous and must start from the date of activation. Renewals purchases are continuous and start from the date of expiration of your current subscriptions. No exceptions.

Benefitis of Energize Updates:

Basic Support, which includes email support 24x7 and phone support between the hours of 9 a.m. and 5 p.m. Monday through Friday in the US (Pacific Time), Japan, China, Austria and the United Kingdom time zones.

Firmware Maintenance which includes new firmware updates with feature enhancements and bug fixes.

Security Updates to patch or repair any security vulnerabilities.

Optional participation in the Barracuda Early Release Firmware program.

Benefits of Instant Replacement:

Enhanced Support which provides phone and email support 24x7.

Data migration service for Barracuda Spam & Virus Firewalls. Barracuda Networks will assist movement of data and configuration from the old product to the new product if the old data is accessible.

Data recovery service for Barracuda Backup Servers. In the event of a disaster and upon request, Barracuda Networks will preload the most recent data and configuration stored by Barracuda Networks to the new product (note this may take additional time).

Instant Replacement includes next business day replacement hardware, Enhanced 24x7 Phone and Email Support, Data Migration and Data Recovery Services, Hard Disk Replacement and a Hardware Refresh every 4 years.